Page MenuHomePhabricator

Increase MinimalPasswordLength to 8 for several local and global groups
Closed, ResolvedPublic

Description

Per https://en.wikipedia.org/wiki/Wikipedia:Security_review_RfC, it seems like the admins mostly all agree to "Length increase to 8 bytes".

Initially, we will not set a minimum password length to login (which prevents logins for accounts with shorter passwords), so users in these groups, if they have a password shorter than 8, will still be logged in, but will be prompted to change their password every time they login.

Event Timeline

csteipp created this task.Nov 19 2015, 5:55 PM
csteipp claimed this task.
csteipp raised the priority of this task from to High.
csteipp updated the task description. (Show Details)
csteipp changed the visibility from "Public (No Login Required)" to "Custom Policy".
csteipp changed the edit policy from "All Users" to "Custom Policy".
csteipp added subscribers: Krenair, Jalexander, csteipp, Matanya.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptNov 19 2015, 5:55 PM
csteipp renamed this task from Increase MinimalPasswordLength for enwiki sysops to 8 to Increase MinimalPasswordLength to 8 for local enwiki groups: sysops, bureaucrat, steward, and founder.Dec 11 2015, 2:08 AM
csteipp updated the task description. (Show Details)
csteipp changed the visibility from "Custom Policy" to "Public (No Login Required)".
csteipp changed the edit policy from "Custom Policy" to "All Users".
csteipp set Security to None.
Restricted Application added a subscriber: Dereckson. · View Herald TranscriptDec 11 2015, 2:08 AM
Bawolff added a subscriber: Bawolff.EditedDec 11 2015, 2:21 AM

steward and founder are of course global groups. (T104371)

steward and founder are of course global groups. (T104371)

There is a local 'steward' and 'founder' group as well, although it looks like steward has no members, and founder only has one user, predictably.

The global stewards have agreed to raise their policy as well.

local steward is used to get around T14518

Restricted Application added subscribers: JEumerus, Luke081515. · View Herald TranscriptJan 14 2016, 2:32 PM
Bawolff renamed this task from Increase MinimalPasswordLength to 8 for local enwiki groups: sysops, bureaucrat, steward, and founder to Increase MinimalPasswordLength to 8 for several local and global groups.Jan 22 2016, 11:32 AM

Change 272660 had a related patch set uploaded (by CSteipp):
Password policies for advanced permission groups

https://gerrit.wikimedia.org/r/272660

csteipp moved this task from Backlog to In Progress on the Security-Team board.Feb 23 2016, 6:38 PM

Change 276518 had a related patch set uploaded (by CSteipp):
Enforce password policies on labs

https://gerrit.wikimedia.org/r/276518

Restricted Application added a subscriber: Malyacko. · View Herald TranscriptMar 10 2016, 5:54 PM

Change 251678 abandoned by CSteipp:
Set password policy for enwiki sysops

Reason:
Doing I9bf79e16d61b6e7aca89cd7bd05a8ce65685a8c2 instead

https://gerrit.wikimedia.org/r/251678

Change 272660 merged by jenkins-bot:
Password policies for advanced permission groups

https://gerrit.wikimedia.org/r/272660

csteipp closed this task as Resolved.Mar 15 2016, 3:23 PM

With https://gerrit.wikimedia.org/r/272660, this is now enforced on all SUL sites

Change 276518 abandoned by Reedy:
Enforce password policies on labs

Reason:
Dupe of productions, config already applied on beta

https://gerrit.wikimedia.org/r/276518

sbassett moved this task from In Progress to Done on the Security-Team board.Jun 11 2019, 6:05 PM